Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A method for identifying and detecting threats to an enterprise or e-commerce system, the method comprising: grouping log lines belonging to one or more log line parameters from one or more enterprise or e-commerce system data sources or from incoming data traffic to the enterprise or e-commerce system; extracting one or more features from the grouped log lines into one or more features tables; using one or more statistical outlier detection methods on the one or more features tables to identify statistical outliers; labeling, in response to received instructions, the statistical outliers to create one or more labeled features tables; using the one or more labeled features tables to create an adaptive rules model for further identification of statistical outliers; when identified labeled statistical outliers comprise a sparsely labeled real data set, applying artificial intelligence processing to said identified labeled statistical outliers, comprising the steps of: receiving said sparsely labelled real data set for identifying malicious data and comprising real, labelled feature vectors; generating a synthetic data set comprising a plurality of synthetic feature vectors derived from said real, labelled feature vectors; identifying said sparsely labelled real data set as a local data set and said synthetic data set as a global set; applying a transfer learning framework for mixing said global data set with said local data set for increasing the precision recall area under curve (PR AUC) for reducing false positive indications occurring the in analysis of said threats to the enterprise; and preventing access by various threats to the enterprise or e-commerce system and detecting threats to the enterprise or e-commerce system in real-time based on a model formed using the generated synthetic data set.
This invention relates to threat detection in enterprise or e-commerce systems by analyzing log data and traffic patterns. The method groups log lines from multiple system data sources or incoming traffic, extracting features into tables. Statistical outlier detection methods identify anomalies, which are then labeled to create a rules-based model for further threat identification. When labeled data is sparse, artificial intelligence processes generate synthetic feature vectors to supplement real labeled data. The real data is treated as a local set, while synthetic data forms a global set. A transfer learning framework combines these datasets to improve threat detection accuracy, reducing false positives and enhancing precision and recall. The system operates in real-time to prevent and detect threats by analyzing the synthetic data-driven model. The approach leverages both statistical and AI-based techniques to adaptively improve threat detection performance.
2. The method of claim 1 , further comprising the steps of labeling the output of a single top scores vector, and said adaptive rules model to create at least one labeled features matrix for providing new input to a supervised learning module for updating one or more identified threat labels.
This invention relates to cybersecurity systems that use machine learning to detect and classify threats. The problem addressed is the need for adaptive threat detection that improves over time by incorporating new threat data and refining classification models. The system employs an adaptive rules model that processes threat data to generate a top scores vector, which represents potential threats ranked by likelihood. The method further includes labeling the output of this vector to create a labeled features matrix. This matrix serves as input to a supervised learning module, which updates threat labels based on new data. The adaptive rules model continuously refines its threat detection capabilities by integrating feedback from the supervised learning module, enabling the system to adapt to evolving threats. The labeled features matrix ensures that the supervised learning module receives structured, labeled data for accurate model updates. This approach enhances threat detection accuracy and reduces false positives by dynamically adjusting to new threat patterns. The system is particularly useful in environments where threat landscapes change frequently, such as network security, malware detection, and intrusion prevention.
3. The method of claim 1 , further comprising the step of refining said adaptive rules model for identifying statistical outliers and preventing access to said enterprise system of categorized threats by detecting new threats in real time and reducing a time elapsed between threat detection of the enterprise system.
This invention relates to cybersecurity systems for enterprise networks, specifically improving threat detection and response mechanisms. The technology addresses the challenge of identifying and mitigating emerging cyber threats in real time to minimize the time between threat detection and system access prevention. The core method involves an adaptive rules model that dynamically categorizes threats based on statistical analysis. The model is refined through continuous monitoring to detect statistical outliers, which are flagged as potential threats. The refinement process includes real-time threat detection to reduce the latency between identifying a threat and blocking access to the enterprise system. This adaptive approach allows the system to evolve with new threat patterns, improving accuracy and response speed. The method ensures that once a threat is detected, access to the enterprise system is promptly restricted, enhancing overall security. The system may also incorporate additional threat detection techniques, such as anomaly detection and behavioral analysis, to further strengthen its ability to identify and mitigate risks. The goal is to create a proactive defense mechanism that adapts to evolving threats while minimizing false positives and reducing the window of vulnerability for the enterprise system.
4. The method of claim 1 , further comprising the step of generating negative labels for training and evaluation by designating unlabeled feature vectors as negative and randomly sampling unlabeled feature vectors within a predetermined date range corresponding to a date range of existing positive samples.
This invention relates to machine learning systems for training and evaluating models using labeled and unlabeled data. The problem addressed is the challenge of generating reliable negative training samples in scenarios where only a limited number of positive samples are available, making it difficult to train accurate models. The solution involves a method for generating negative labels by designating unlabeled feature vectors as negative samples and randomly sampling unlabeled feature vectors within a specific date range that corresponds to the date range of existing positive samples. This ensures that the negative samples are temporally aligned with the positive samples, improving the model's ability to distinguish between relevant and irrelevant data. The method may also include preprocessing steps to extract feature vectors from raw data, such as converting text into numerical representations, and applying dimensionality reduction techniques to optimize the feature space. The generated negative labels are then used to train and evaluate machine learning models, enhancing their performance by providing a balanced and representative set of training examples. This approach is particularly useful in applications like anomaly detection, recommendation systems, and fraud detection, where labeled negative data is scarce.
5. The method of claim 1 , further comprising the step of generating and using synthetic feature vectors from real, labelled feature vectors for resolving data sparsity limitations when modeling anomalous events.
This invention relates to improving anomaly detection in data modeling by addressing data sparsity issues. The method involves generating synthetic feature vectors from real, labeled feature vectors to enhance the robustness of anomaly detection systems. Data sparsity occurs when there is insufficient labeled data representing rare or anomalous events, making it difficult for models to accurately identify such events. By creating synthetic feature vectors, the method artificially expands the available training data, ensuring that the model can better recognize and classify anomalies. The synthetic feature vectors are derived from real, labeled feature vectors through techniques such as data augmentation, interpolation, or generative modeling. These synthetic vectors mimic the characteristics of real anomalies while introducing controlled variations to improve generalization. The method ensures that the synthetic data retains the essential patterns of the original labeled data, preventing the introduction of unrealistic or misleading features. By incorporating these synthetic feature vectors into the training process, the model becomes more resilient to data sparsity, leading to improved detection accuracy for rare or anomalous events. This approach is particularly useful in applications where labeled anomaly data is scarce, such as fraud detection, network intrusion monitoring, or industrial equipment failure prediction. The method enhances the reliability of anomaly detection systems by mitigating the limitations imposed by insufficient training data.
6. The method of claim 1 , further comprising the step of using a transfer learning framework for simulating the effect of mixing synthetic and real feature vectors for forming a guideline in the absence of online A/B testing for evaluating experimental models for identifying malicious data on fresh, new datasets.
This invention relates to improving the evaluation of machine learning models designed to detect malicious data in new datasets. The problem addressed is the lack of online A/B testing capabilities for assessing experimental models on fresh, previously unseen data. Without real-world testing, it is difficult to determine how well a model will perform in production environments. The solution involves a transfer learning framework that simulates the effects of mixing synthetic and real feature vectors. This approach generates a guideline for evaluating experimental models without requiring live A/B testing. The framework leverages pre-existing data to create synthetic variations, which are then combined with real data to simulate real-world conditions. By analyzing the performance of models on this mixed dataset, developers can estimate how the models will behave on new, unseen data. This method reduces reliance on live testing while providing a robust evaluation process. The technique is particularly useful for security applications where detecting malicious data is critical, and real-world testing may be impractical or risky. The framework ensures that models are thoroughly tested before deployment, improving accuracy and reliability in identifying threats.
7. An apparatus for training a big data machine to defend an enterprise system, the apparatus comprising: one or more processors; system memory coupled to the one or more processors; one or more non-transitory memory units coupled to the one or more processors; and threat identification and detection code stored on the one or more non-transitory memory units that when executed by the one or more processors are configured to perform a method, the method comprising: grouping log lines belonging to one or more log line parameters from one or more enterprise or e-commerce system data sources or from incoming data traffic to the enterprise or e-commerce system; extracting one or more features from the grouped log lines into one or more features tables; using the one or more labeled features tables to create an adaptive rules model for identification of statistical outliers; labeling, in response to received instructions, the statistical outliers to create one or more labeled features tables; using the one or more labeled features tables to create one or more rules for further modifying the adaptive rules model for identification of statistical outliers; when identified labeled statistical outliers comprise a sparsely labeled real data set, applying artificial intelligence processing to said identified labeled statistical outliers, comprising the steps of: receiving said sparsely labelled real data set for identifying malicious data and comprising real labelled feature vectors; generating a synthetic data set comprising a plurality of synthetic feature vectors derived from said real, labelled feature vectors; identifying said sparsely labelled real data set as a local data set and said synthetic data set as a global set; applying a transfer learning framework for mixing said global data set with said local data set for increasing the precision recall area under curve (PR AUC) for reducing false positive indications occurring the in analysis of said threats to the enterprise; and preventing access by various threats to the enterprise or e-commerce system and detecting threats to the enterprise or e-commerce system in real-time based on a model formed using the generated synthetic data set.
The apparatus is designed to train a machine learning system for defending enterprise or e-commerce systems against cyber threats. The system processes log data from multiple sources, including system logs and incoming traffic, to identify and mitigate security risks. It groups log lines based on specific parameters, extracts features into structured tables, and uses these features to build an adaptive rules model for detecting statistical outliers. Human operators can label these outliers to refine the model, creating rules that improve threat detection accuracy. For cases where labeled data is scarce, the system generates synthetic data from real labeled feature vectors to enhance training. It applies transfer learning to combine real and synthetic datasets, improving precision and recall while reducing false positives. The system operates in real-time, preventing unauthorized access and detecting threats based on the trained model. The approach leverages artificial intelligence to handle sparse labeled datasets, ensuring robust threat detection even with limited real-world examples.
8. The apparatus of claim 7 , further comprising the steps of labeling the output of a single top scores vector, and said adaptive rules model to create at least one labeled features matrix for providing new input to a supervised learning module for updating one or more identified threat labels.
This invention relates to cybersecurity systems that use machine learning to detect and classify threats. The problem addressed is the need for adaptive threat detection that improves over time by incorporating feedback from labeled outputs. The system includes a threat detection module that generates a top scores vector representing potential threats. This vector is then labeled, and the labeled data is used to create a labeled features matrix. The matrix is fed into a supervised learning module, which updates threat labels based on new input. The adaptive rules model continuously refines threat detection by learning from labeled outputs, improving accuracy and reducing false positives. The system dynamically adjusts to evolving threats by incorporating real-time feedback, ensuring more reliable threat classification. The labeled features matrix serves as training data for the supervised learning module, enabling iterative improvements in threat detection performance. This approach enhances the system's ability to identify and respond to emerging threats effectively.
9. The apparatus of claim 7 , further comprising the step of refining said adaptive rules model for identifying statistical outliers and preventing access to said enterprise system of categorized threats by detecting new threats in real time and reducing a time elapsed between threat detection of the enterprise system.
This invention relates to cybersecurity systems for enterprise networks, specifically focusing on real-time threat detection and adaptive rule-based threat prevention. The system employs an adaptive rules model to identify statistical outliers, which are potential threats, and blocks access to the enterprise system from these categorized threats. The adaptive rules model is continuously refined to improve threat detection accuracy and reduce the time between threat detection and prevention. The system monitors network activity in real-time, analyzing data to detect new threats as they emerge. By refining the rules model dynamically, the system adapts to evolving threat patterns, ensuring timely and effective threat mitigation. This approach minimizes the window of vulnerability by shortening the time elapsed between detecting a threat and preventing its access to the enterprise system. The system enhances security by proactively identifying and blocking threats before they can exploit system vulnerabilities, improving overall enterprise network protection.
10. The apparatus of claim 7 , wherein said threat identification and detection code stored on the one or more non-transitory memory units perform a method that further comprises the step of generating negative labels for training and evaluation by designating unlabeled feature vectors as negative and randomly sampling unlabeled feature vectors within a predetermined date range corresponding to a date range of existing positive samples.
This invention relates to cybersecurity systems for threat identification and detection, specifically improving machine learning-based threat detection by generating synthetic negative training data. The problem addressed is the scarcity of labeled negative samples in threat detection datasets, which can lead to biased or ineffective machine learning models. The invention enhances a threat detection apparatus by implementing a method to artificially generate negative labels for training and evaluation purposes. The method designates unlabeled feature vectors as negative samples and randomly selects additional unlabeled feature vectors within a predefined date range that aligns with the date range of existing positive threat samples. This ensures that the negative samples are contextually relevant to the positive samples, improving the model's ability to distinguish between threats and non-threats. The apparatus includes one or more non-transitory memory units storing threat identification and detection code, which executes this method to augment training datasets. The approach helps mitigate data imbalance issues in threat detection systems, leading to more robust and accurate machine learning models.
11. The apparatus of claim 7 , further comprising the step of generating and using synthetic feature vectors from real, labelled feature vectors for resolving data sparsity limitations when modeling anomalous events.
The invention relates to improving anomaly detection systems by addressing data sparsity limitations. Anomaly detection systems often struggle with insufficient labeled data, making it difficult to accurately model rare or unusual events. The invention introduces a method for generating synthetic feature vectors derived from real, labeled feature vectors to enhance the training data available for anomaly detection models. By augmenting the dataset with these synthetic vectors, the system can better generalize and detect anomalies even when real-world labeled data is scarce. The synthetic feature vectors are designed to preserve the statistical properties of the original data while introducing controlled variations to simulate potential anomalies. This approach helps mitigate the sparsity problem, improving the robustness and accuracy of anomaly detection in scenarios where labeled data is limited. The invention is particularly useful in applications such as fraud detection, network security, and industrial monitoring, where rare events are critical to identify but difficult to model with conventional methods. The synthetic feature vectors are generated using techniques that ensure they remain representative of real-world conditions, thereby maintaining the reliability of the anomaly detection system.
12. The apparatus of claim 7 , wherein said threat identification and detection code stored on the one or more non-transitory memory units perform a method that further comprises the step of using a transfer learning framework for simulating the effect of mixing synthetic and real feature vectors for forming a guideline in the absence of online A/B testing for evaluating experimental models for identifying malicious data on fresh, new datasets.
This invention relates to cybersecurity systems for detecting malicious data in new datasets. The problem addressed is the challenge of evaluating experimental models for threat detection when online A/B testing is unavailable, particularly with fresh datasets lacking sufficient historical data. The solution involves an apparatus with threat identification and detection code that employs a transfer learning framework. This framework simulates the effects of mixing synthetic and real feature vectors to generate guidelines for model evaluation. The synthetic feature vectors are artificially generated data points designed to mimic real-world malicious and benign patterns, while real feature vectors are derived from actual observed data. By combining these, the system creates a simulated environment that approximates real-world conditions, allowing for the assessment of experimental models without requiring live testing. This approach enables accurate evaluation of new detection models on fresh datasets where historical data is limited, improving the reliability of threat identification in evolving cybersecurity landscapes. The apparatus includes memory units storing the detection code and processing units executing the transfer learning framework to generate and analyze the mixed feature vectors.
13. An enterprise system for providing networked computing services to a large enterprise, said enterprise system, comprising: an apparatus for training a big data machine to defend an enterprise system, said apparatus comprising: one or more processors; system memory coupled to the one or more processors; one or more non-transitory memory units coupled to the one or more processors; and threat identification and detection code stored on the one or more non-transitory memory units that when executed by the one or more processors are configured to perform a method, the method comprising: grouping log lines belonging to one or more log line parameters from one or more enterprise or e-commerce system data sources or from incoming data traffic to the enterprise or e-commerce system; extracting one or more features from the grouped log lines into one or more features tables; using the one or more labeled features tables to create an adaptive rules model for further identification of statistical outliers; labeling, in response to received instructions, the statistical outliers to create one or more labeled features tables; using the one or more labeled features tables to create one or more rules for further modifying the adaptive rules model for identification of statistical outliers; when identified labeled statistical outliers comprise a sparsely labeled real data set, applying artificial intelligence processing to said identified labeled statistical outliers, comprising the steps of: receiving said sparsely labelled real data set for identifying malicious data and comprising real labelled feature vectors; generating a synthetic data set comprising a plurality of synthetic feature vectors derived from said real, labelled feature vectors; identifying said sparsely labelled real data set as a local data set and said synthetic data set as a global set; applying a transfer learning framework for mixing said global data set with said local data set for increasing the precision recall area under curve (PR AUC) for reducing false positive indications occurring the in analysis of said threats to the enterprise; and preventing access by various threats to the enterprise or e-commerce system and detecting threats to the enterprise or e-commerce system in real-time based on a model formed using the generated synthetic data set.
An enterprise system provides networked computing services to large enterprises by defending against cyber threats using machine learning and artificial intelligence. The system includes an apparatus for training a big data machine to identify and mitigate threats. The apparatus comprises processors, system memory, and non-transitory memory units storing threat identification and detection code. The code groups log lines from enterprise or e-commerce system data sources or incoming data traffic based on log line parameters. Features are extracted from these grouped log lines into feature tables. Labeled feature tables are used to create an adaptive rules model for detecting statistical outliers. These outliers are labeled to refine the model, generating rules for further modification. When labeled outliers form a sparsely labeled real data set, artificial intelligence processing is applied. The system receives the sparsely labeled real data set, which includes real labeled feature vectors, and generates a synthetic data set with synthetic feature vectors derived from the real data. The real data set is treated as a local data set, while the synthetic data is considered a global set. A transfer learning framework mixes the global and local data to improve precision and recall, reducing false positives in threat analysis. The system prevents and detects threats in real-time using a model built from the synthetic data set.
14. The enterprise system of claim 13 , further comprising the steps of labeling the output of a single top scores vector, and said adaptive rules model to create at least one labeled features matrix for providing new input to a supervised learning module for updating one or more identified threat labels.
This invention relates to an enterprise security system designed to improve threat detection and response by leveraging adaptive machine learning models. The system addresses the challenge of accurately identifying and classifying security threats in real-time within large-scale enterprise environments, where traditional static rule-based approaches often fail to adapt to evolving attack patterns. The system includes a threat detection module that processes network or system data to generate a top scores vector, representing potential threats ranked by likelihood. This vector is then labeled, and the labeled data is used to create a labeled features matrix. This matrix serves as input to a supervised learning module, which updates threat labels based on new data. The adaptive rules model continuously refines its threat detection criteria by incorporating feedback from the labeled data, improving accuracy over time. The system also integrates a feedback loop where detected threats are validated and labeled, ensuring the learning model remains current with emerging threats. By combining automated scoring with supervised learning, the system dynamically adapts to new attack vectors, reducing false positives and enhancing threat detection efficiency. This approach enables enterprises to maintain robust security postures in dynamic threat landscapes.
15. The enterprise system of claim 13 , further comprising the step of refining said adaptive rules model for identifying statistical outliers and preventing access to said enterprise system of categorized threats by detecting new threats in real time and reducing a time elapsed between threat detection of the enterprise system.
The enterprise system is designed to enhance cybersecurity by identifying and mitigating threats in real time. The system categorizes threats based on predefined criteria and employs an adaptive rules model to detect statistical outliers that may indicate malicious activity. This model is continuously refined to improve accuracy and responsiveness. The system actively monitors for new threats, reducing the time between detection and response. By dynamically adjusting its rules, the system prevents unauthorized access and strengthens the overall security posture of the enterprise. The adaptive nature of the model allows it to evolve with emerging threats, ensuring sustained protection against evolving cyber risks. The system integrates threat detection, categorization, and real-time response mechanisms to provide a comprehensive security solution. This approach minimizes vulnerabilities and enhances the ability to counteract threats before they cause significant damage. The refinement process ensures the system remains effective against both known and emerging threats, maintaining robust security for enterprise operations.
16. The enterprise system of claim 13 , wherein said apparatus for training a big data machine further comprises threat identification and detection code stored on the one or more non-transitory memory units for performing a method that further comprises the step of generating negative labels for training and evaluation by designating unlabeled feature vectors as negative and randomly sampling unlabeled feature vectors within a predetermined date range corresponding to a date range of existing positive samples.
The invention relates to an enterprise system for training big data machines, specifically addressing the challenge of generating labeled data for threat identification and detection in large-scale datasets. The system includes an apparatus for training a big data machine, which incorporates threat identification and detection code. This code performs a method to generate negative labels for training and evaluation by designating unlabeled feature vectors as negative samples. The method further involves randomly sampling unlabeled feature vectors within a predetermined date range that corresponds to the date range of existing positive samples. This approach ensures that the training data includes a balanced representation of both positive and negative examples, improving the accuracy and reliability of threat detection models. The system leverages big data processing capabilities to handle large volumes of data efficiently, enabling enterprises to enhance their security measures by training machine learning models on diverse and representative datasets. The method ensures that the negative samples are contextually relevant by aligning their date ranges with those of the positive samples, thereby maintaining the temporal consistency of the training data. This technique is particularly useful in cybersecurity applications where detecting threats requires distinguishing between normal and malicious activities based on historical data patterns.
17. The enterprise system of claim 13 , further comprising the step of generating and using synthetic feature vectors from real, labelled feature vectors for resolving data sparsity limitations when modeling anomalous events.
The invention relates to enterprise systems designed to detect and model anomalous events, particularly addressing challenges related to data sparsity. In enterprise environments, detecting anomalies is critical for security, fraud prevention, and operational efficiency, but sparse data can hinder accurate modeling. The system generates synthetic feature vectors derived from real, labeled feature vectors to overcome this limitation. These synthetic vectors augment the available data, improving the system's ability to identify and model rare or anomalous events. The process involves analyzing existing labeled data to create additional synthetic data points that mimic the statistical properties of the real data, thereby enhancing the robustness of anomaly detection algorithms. This approach ensures that the system can effectively learn from limited datasets while maintaining high accuracy in identifying genuine anomalies. The synthetic feature vectors are integrated into the modeling process, allowing the system to generalize better and reduce false positives or negatives. This technique is particularly useful in scenarios where labeled anomaly data is scarce, such as in emerging threats or niche operational conditions. The overall system provides a scalable and adaptive solution for enterprise anomaly detection, improving decision-making and risk management.
18. The enterprise system of claim 13 , wherein said apparatus for training a big data machine further comprises threat identification and detection code stored on the one or more non-transitory memory units for performing a method that further comprises the step of using a transfer learning framework for simulating the effect of mixing synthetic and real feature vectors for forming a guideline in the absence of online A/B testing for evaluating experimental models for identifying malicious data on fresh, new datasets.
The enterprise system is designed for big data machine learning, specifically addressing the challenge of evaluating machine learning models in environments where online A/B testing is unavailable. The system includes an apparatus for training big data machines, which incorporates threat identification and detection code. This code implements a transfer learning framework to simulate the effects of mixing synthetic and real feature vectors. By doing so, the system generates guidelines for assessing experimental models without relying on live A/B testing. This approach allows for the evaluation of models on fresh, new datasets, improving the detection of malicious data. The system leverages synthetic data to enhance model robustness and accuracy when real-world testing is impractical or unavailable. The transfer learning framework enables the system to adapt pre-trained models to new data distributions, ensuring reliable threat detection in dynamic environments. This solution is particularly valuable in scenarios where real-time testing is limited, such as in highly regulated or sensitive systems where live experimentation is restricted. The system's ability to simulate mixed data environments provides a practical alternative to traditional testing methods, improving security and efficiency in big data applications.
Unknown
November 24, 2020
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.